An exploitation tool aimed at creating hijackable, proxy-based DLLs by taking advantage of COM-based system DLL image loading. FaceDancer performs two main functions:
• Recon: Scans a given DLL to create the export definition file for proxying.
• Attack: Creates a malicious DLL containing shellcode that can proxy valid function requests to the legitimate DLL.
FaceDancer contains zero evasion techniques. FaceDancer’s sole focus is discovering and generating DLLs for proxying. It is important that the inputted DLL contains all the necessary evasion techniques.
We See What Others Cannot
